A dynamic taint tracking based method to detect sensitive information leaking

Author

Weiming Li ; Yilin Yan ; Hao Tu ; Jia Xu

Author_Institution

Network & Comput. Center, Huazhong Univ. of Sci. & Technol., Wuhan, China

fYear

2014

fDate

17-19 Sept. 2014

Firstpage

1

Lastpage

4

Abstract

Sensitive information leaking of network servers attacked by malwares or hackers is a serious security risk of Internet. The paper presents a dynamic taint tracking based method to automatically detect sensitive data leaking. The method automatically tags sensitive data as taint data and monitors the propagation of taint data in memory. If the sensitive data is sent by sockets or written into files, the method will alert and record detail leaking context. The whole process does not need modifying the network server source code or relying on particular server programming languages. The research is useful to improve security of all kinds of network. In the experiment part, successfully detecting the OpenSSL Heartbleed attack proves the effectiveness of the method.

Keywords

Internet; security of data; Internet security risk; OpenSSL Heartbleed attack; dynamic taint tracking based method; hackers; malwares; sensitive data leaking detection; sensitive information leaking detection; server programming languages; taint data propagation; Cryptography; Internet; Monitoring; Network servers; Servers; Tagging; dynamic taint tracking; network security; sensitive information leaking;

fLanguage

English

Publisher

ieee

Conference_Titel

Network Operations and Management Symposium (APNOMS), 2014 16th Asia-Pacific

Conference_Location

Hsinchu

Type

conf

DOI

10.1109/APNOMS.2014.6996578

Filename

6996578